Total: 32156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | |||||
CVE-2020-14221 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | |||||
CVE-2020-14201 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. | |||||
CVE-2020-14198 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Bitcoin Core 0.20.0 allows remote denial of service. | |||||
CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | |||||
CVE-2020-14189 | 1 Atlassian | 1 Jira Comment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The execute function in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | |||||
CVE-2020-14188 | 1 Atlassian | 1 Jira Create | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | |||||
CVE-2020-14180 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | |||||
CVE-2020-14179 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | |||||
CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | |||||
CVE-2020-14177 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. | |||||
CVE-2020-14168 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via a man-in-the-middle (MITM) vulnerability. | |||||
CVE-2020-14167 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability. | |||||
CVE-2020-14165 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatar names via an Improper authorization vulnerability. | |||||
CVE-2020-14150 | 1 Gnu | 1 Bison | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | |||||
CVE-2020-14131 | 1 Mi | 1 Xiaomi | 2024-11-21 | N/A | 9.8 CRITICAL |
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | |||||
CVE-2020-14129 | 1 Mi | 1 Xiaomi | 2024-11-21 | N/A | 9.8 CRITICAL |
A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. | |||||
CVE-2020-14126 | 1 Mi | 1 Sound | 2024-11-21 | N/A | 7.5 HIGH |
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | |||||
CVE-2020-14114 | 1 Mi | 1 Smarthome | 2024-11-21 | N/A | 7.5 HIGH |
Information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | |||||
CVE-2020-14105 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. |